On Thu, Feb 04, 2021 at 01:26:44PM +0100, Hiltjo Posthuma wrote: > On Tue, Jan 26, 2021 at 08:27:24PM +0100, Hiltjo Posthuma wrote: > > On Tue, Jan 26, 2021 at 03:56:11PM +0000, Stuart Henderson wrote: > > > On 2021/01/26 15:31, Clemens Gößnitzer wrote: > > > > January 26, 2021 3:44 PM, "Hiltjo Posthuma" <hil...@codemadness.org> > > > > wrote: > > > > > On Sat, Jan 16, 2021 at 04:29:27PM +0100, Hiltjo Posthuma wrote: > > > > >> On Mon, Jan 11, 2021 at 07:50:55PM +0100, Hiltjo Posthuma wrote: > > > > >> > > > > >> The below patch pledges the iconv binary in the libiconv package. > > > > >> The tool is > > > > >> useful for converting text-encoding of text data to UTF-8 for > > > > >> example. > > > > >> > > > > >> It now uses pledge("stdio", NULL) if only using stdin/stdout. It uses > > > > >> pledge("stdio rpath", NULL) when specifying files. > > > > >> > > > > >> I've tested many command-line option combinations and haven't found > > > > >> missing > > > > >> promises which cause an abort(). > > > > >> > > > > >> Patch: > > > .. > > > > >> +@@ -846,6 +849,9 @@ > > > > >> + struct iconv_hooks hooks; > > > > >> + int i; > > > > >> + int status; > > > > >> ++ > > > > >> ++ if (pledge(i == argc ? "stdio" : "stdio rpath", NULL) == -1) > > > > > > > > Wouldn't you use i uninitialised here? > > > > > > > > >> ++ err(1, "pledge"); > > > > >> + > > > > >> + set_program_name (argv[0]); > > > > >> + #if HAVE_SETLOCALE > > > > >> -- > > > > > > Yes, it needs to be done after parsing the arguments in the loop after > > > calling textdomain(). > > > > > > Looks like it was previously done like that but moved before sending out > > > the diff? I assume it was moved so that more of the code was moved under > > > pledge. Better approach might be to unconditionally pledge stdio rpath, > > > then, after the loop, conditionally pledge again to drop rpath if > > > possible. > > > > > > It would be nicer to use the error function used in the rest of > > > the file rather than pulling in another header for err(). > > > > > > > Hi, > > > > Thanks both for the review! I updated the changes in the patch below. > > It was indeed a mistake in creating the patch, I'm sorry for the sloppiness. > > > > > > From dbb04c280d8ca368da43c0fdf185c3e9a4a59050 Mon Sep 17 00:00:00 2001 > > From: Hiltjo Posthuma <hil...@codemadness.org> > > Date: Tue, 26 Jan 2021 20:21:32 +0100 > > Subject: [PATCH] libiconv: pledge iconv(1) binary > > > > --- > > converters/libiconv/Makefile | 3 +- > > converters/libiconv/patches/patch-src_iconv_c | 29 +++++++++++++++++++ > > 2 files changed, 31 insertions(+), 1 deletion(-) > > create mode 100644 converters/libiconv/patches/patch-src_iconv_c > > > > diff --git a/converters/libiconv/Makefile b/converters/libiconv/Makefile > > index 2ab58ea4519..5c8043270de 100644 > > --- a/converters/libiconv/Makefile > > +++ b/converters/libiconv/Makefile > > @@ -5,7 +5,7 @@ COMMENT= character set conversion library > > DISTNAME= libiconv-1.16 > > CATEGORIES= converters devel > > MASTER_SITES= ${MASTER_SITE_GNU:=libiconv/} > > -REVISION= 0 > > +REVISION= 1 > > > > SHARED_LIBS= charset 1.1 \ > > iconv 7.0 > > @@ -17,6 +17,7 @@ MAINTAINER= Brad Smith <b...@comstyle.com> > > # LGPLv2 and GPLv3 > > PERMIT_PACKAGE= Yes > > > > +# uses pledge() > > WANTLIB= c > > > > SEPARATE_BUILD= Yes > > diff --git a/converters/libiconv/patches/patch-src_iconv_c > > b/converters/libiconv/patches/patch-src_iconv_c > > new file mode 100644 > > index 00000000000..9b673fbe5db > > --- /dev/null > > +++ b/converters/libiconv/patches/patch-src_iconv_c > > @@ -0,0 +1,29 @@ > > +--- src/iconv.c.orig Fri Apr 26 20:50:13 2019 > > ++++ src/iconv.c Tue Jan 26 20:07:34 2021 > > +@@ -19,6 +19,8 @@ > > + # define ICONV_CONST > > + #endif > > + > > ++#include <unistd.h> > > ++ > > + #include <limits.h> > > + #include <stddef.h> > > + #include <stdio.h> > > +@@ -847,6 +849,8 @@ > > + int i; > > + int status; > > + > > ++ if (pledge("stdio rpath", NULL) == -1) > > ++ error(EXIT_FAILURE, errno, "pledge"); > > + set_program_name (argv[0]); > > + #if HAVE_SETLOCALE > > + /* Needed for the locale dependent encodings, "char" and "wchar_t", > > +@@ -1002,6 +1006,8 @@ > > + } > > + break; > > + } > > ++ if ((do_list || i == argc) && pledge("stdio", NULL) == -1) > > ++ error(EXIT_FAILURE, errno, "pledge"); > > + if (do_list) { > > + if (i != 2 || i != argc) > > + usage(1); > > -- > > 2.30.0 > > > > Last bump for this from me, any OKs to pledge this port? >
Another bump from me I guess. It would be nice for me to have this (POSIX) command-line binary pledge'ed. Any OKs or comments? -- Kind regards, Hiltjo